OLPSUP-9046: Handle expired Director's target metadata #1548
Conversation
|
@lbonn Please, see if it makes sense to you, I am just not sure if this is the right fix for https://saeljira.it.here.com/browse/OLPSUP-9046, as an alternative we could "cancel" a pending update if its metadata are expired. |
mike-sul
force-pushed
the
fix/OLPSUP-9046/handle-expired-metadata
branch
from
e1ac39e
to
748d6e8
Compare
| @@ -63,6 +63,7 @@ bool DirectorRepository::checkMetaOffline(INvStorage& storage) { | |||
| } | |||
|
|
|||
| if (targetsExpired()) { | |||
| last_exception = Uptane::ExpiredMetadata(type.toString(), Role::Targets().ToString()); | |||
| return; | ||
| } | ||
|
|
||
| LOG_INFO << "Device has been rebooted after an update"; | ||
| LOG_INFO << "Check if there is any pending update for Primary ECU to be applied."; |
There was a problem hiding this comment.
This text reads like a suggestion to the user, whereas it's a description of the current operation.
| LOG_INFO << "Check if there is any pending update for Primary ECU to be applied."; | |
| LOG_INFO << "Checking for pending update for primary ECU to apply"; |
There was a problem hiding this comment.
ok, will update accordingly
| @@ -35,47 +35,24 @@ enum class TargetStatus { | |||
|
|
|||
| class PackageManagerInterface { | |||
| public: | |||
| PackageManagerInterface(PackageConfig pconfig, BootloaderConfig bconfig, std::shared_ptr<INvStorage> storage, | |||
There was a problem hiding this comment.
As you mentioned in your comment, this would break #1498. Do you then have an alternative design to propose? Also, the exception in this PR is the Debian package manager which we don't really care about.
Maybe an intermediate solution would just be to pass a const reference to the full config here, so that implementations can pick what's needed.
In any case, I would prefer if we kept this change in another PR since it's independent from the other changes.
There was a problem hiding this comment.
It's not independent, the interface cleanup depends on the fix implementation.
I thought that this is what Eugene intended eventually to do with moving the bootloader instance under the ostree package manager.
I will remove the pack man interface cleanup from this PR and create another PR, although the later will depend on this PR.
mike-sul
force-pushed
the
fix/OLPSUP-9046/handle-expired-metadata
branch
from
6fffd1e
to
470a297
Compare
- Apply pending update even if its metadata are expired provided that it was installed before the expiration - Add tests for the target metadata expiration use-case Signed-off-by: Mike Sul <ext-mykhaylo.sul@here.com>
mike-sul
force-pushed
the
fix/OLPSUP-9046/handle-expired-metadata
branch
from
470a297
to
230c905
Compare
Codecov Report
@@ Coverage Diff @@
## master #1548 +/- ##
==========================================
+ Coverage 81.89% 82.05% +0.15%
==========================================
Files 186 186
Lines 11424 11451 +27
==========================================
+ Hits 9356 9396 +40
+ Misses 2068 2055 -13
Continue to review full report at Codecov.
|
mike-sul
force-pushed
the
fix/OLPSUP-9046/handle-expired-metadata
branch
2 times, most recently
from
c45055f
to
2d66e5a
Compare
| // e.g. the pacman will reset/clear the flag by itself | ||
| _ostreePackMan->rebootFlagClear(); | ||
| return install_result; | ||
| return _ostreePackMan->finalizeInstall(target); |
There was a problem hiding this comment.
Not related to this PR really but according to good sources, identifiers starting with underscores should be avoided as they are reserved for "C++ implementations": https://stackoverflow.com/a/20496955/1931271
There was a problem hiding this comment.
It actually contradicts the google coding guidelines that we supposed to follow, I found out about it just after this change was merged. I will change this underscore naming to make it consistent with our coding style in another PR.
But personally I prefer/like this code guideline https://www.appinf.com/download/CppCodingStyleGuide.pdf which says the following in regard of underscore usage:
"
Rule 30
Global names must not begin with one or two underscores (“_” or “__”).
This is forbidden by the C++ standard as such names are reserved for use by
the compiler.
Rule 31
With the exceptions of constants and enumeration values, there are no
underscores in names (after the first character of the name). 2
"
Rule 33
The name of a private or protected member variable begins with a single
underscore.3
This is the only underscore in such a name (see Rule 31).
There was a problem hiding this comment.
Ah cool, this guide might have interesting insights as well.
In this case, however, even the C++ standard has something to say (2.10):
In addition, some identifiers are reserved for use by C++implementations and shall not be used otherwise;no diagnostic is required.
— Each identifier that contains a double underscore__or begins with an underscore followed by an uppercase letter is reserved to the implementation for any use.
— Each identifier that begins with an underscore is reserved to the implementation for use as a name int he global namespace.
It doesn't exactly conflict as these are not in the global namespace and do not follow the underscore by an uppercase letter but that's quite close.
| @@ -65,6 +65,7 @@ class OstreeManager : public PackageManagerInterface { | |||
|
|
|||
| private: | |||
| TargetStatus verifyTargetInternal(const Uptane::Target &target) const; | |||
| data::InstallationResult applyInstall(const Uptane::Target &target); | |||
There was a problem hiding this comment.
Do we need this new method? We would have install, completeInstall, finalizeInstall and applyInstall. This is starting to get a bit confusing. Or maybe it's missing some docs and/or comments?
There was a problem hiding this comment.
It's a private helper method and is not part of the class interface as the other listed methods are, but it, indeed is not really useful now and can be removed
|
Looks good, just had some minor comments. |
Signed-off-by: Mike Sul <ext-mykhaylo.sul@here.com>
mike-sul
force-pushed
the
fix/OLPSUP-9046/handle-expired-metadata
branch
from
2d66e5a
to
461f7b6
Compare
|
@lbonn Updated |
|
I am not sure we should merge this. The backend is returning expired metadata, which is wrong, there is fix in sit right now for this |
Without this fix the issue will persists even if the backend returns correctly refreshed metadata (not expired date stamp and incremented version). I emulated the correct back-end behavior by using uptane-generator utility and could reproduce the issue, changes in this PR fixes this issue. I actually managed to get exactly the same error log sequence that Carmeq reported against aktualizr version that they use and this error log sequence is kind of unique and can happen only in one specific scenario - locally stored targets metadata are expired after installation but before a device is rebooted.
|
|
This is a different issue than the backend one. The scenario is:
|
|
@lbonn ah ok, my mistake. |
was installed before the expiration
Signed-off-by: Mike Sul ext-mykhaylo.sul@here.com